CVE-2018-25117 in Control Panelthông tin

Tóm tắt

Bởi MITRE • 15/10/2025

VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot that uses Lua for second- and third-stage components. The compromise leaked administrative credentials (base64-encoded admin password and server domain) to an external URL during installation and/or resulted in the installer dropping and executing a DDoS malware payload under local system privileges. Compromised servers were subsequently observed participating in large-scale DDoS activity. Vesta acknowledged exploitation in the wild in October 2018.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

chịu trách nhiệm

VulnCheck

Đặt trước

14/10/2025

Tiết lộ

15/10/2025

Kiểm duyệt

được chấp nhận

EPSS

0.00411

KEV

không

Các hoạt động

rất thấp

Nguồn

Do you want to use VulDB in your project?

Use the official API to access entries easily!